debian-mirror-gitlab/workhorse/internal/upload/multipart_uploader.go

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

42 lines
1.6 KiB
Go
Raw Normal View History

2021-02-22 17:27:13 +05:30
package upload
import (
"net/http"
2021-10-27 15:23:28 +05:30
"gitlab.com/gitlab-org/gitlab/workhorse/internal/api"
2021-02-22 17:27:13 +05:30
)
2022-04-04 11:22:00 +05:30
// Multipart is a request middleware. If the request has a MIME multipart
// request body, the middleware will iterate through the multipart parts.
// When it finds a file part (filename != ""), the middleware will save
// the file contents to a temporary location and replace the file part
// with a reference to the temporary location.
func Multipart(rails PreAuthorizer, h http.Handler, p Preparer) http.Handler {
2021-02-22 17:27:13 +05:30
return rails.PreAuthorizeHandler(func(w http.ResponseWriter, r *http.Request, a *api.Response) {
s := &SavedFileTracker{Request: r}
2022-07-23 23:45:48 +05:30
interceptMultipartFiles(w, r, h, s, &eagerAuthorizer{a}, p)
}, "/authorize")
}
// SkipRailsPreAuthMultipart behaves like Multipart except it does not
// pre-authorize with Rails. It is intended for use on catch-all routes
// where we cannot pre-authorize both because we don't know which Rails
// endpoint to call, and because eagerly pre-authorizing would add too
// much overhead.
func SkipRailsPreAuthMultipart(tempPath string, myAPI *api.API, h http.Handler, p Preparer) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
s := &SavedFileTracker{Request: r}
// We use testAuthorizer as a temporary measure. When
// https://gitlab.com/groups/gitlab-com/gl-infra/-/epics/742 is done, we
// should only be using apiAuthorizer.
fa := &testAuthorizer{
test: &apiAuthorizer{myAPI},
actual: &eagerAuthorizer{&api.Response{TempPath: tempPath}},
2021-02-22 17:27:13 +05:30
}
2022-07-23 23:45:48 +05:30
interceptMultipartFiles(w, r, h, s, fa, p)
})
2021-02-22 17:27:13 +05:30
}